Alistair7 (Norway) asked:
File and printer sharing - which ports most dangerous?

File and printer sharing under XP Pro covers 4 ports:
tcp 139
tcp 445
udp 137
udp 138

I already have tcp 445 open for a certain reason.  But now I need to open at least 1 other so that my Norman antivirus "Ndesk.exe" program on my server can function properly.
Norman support told me to open 1 of the other 3. But they could not tell me which 2 of these 3 ports it would be best to keep closed for security reasons.

Which 2 should I keep closed??
DavidESL (United Kingdom):

I wouldn't open UDP 137; it's susceptible to DoS attacks that will take out your WINS service if that service is running on the same machine.

also look at this

http://www.iss.net/security_center/advice/Exploits/Ports/139/default.htm
Sorry, I forgot to ask: are you talking about opening these ports to the internet?
Alistair7 (asker):

I don't think I have a WINS service running.  But how can I confirm that?
If it is not running, could I then activate udp 137?
Under advanced TCP/IP properties, under the WINS tab, I see:
An empty window under WINS addresses in order of preference.
Further down, "activate LMHosts" is ticked.
NetBIOS properties is set to "Standard".
Only my internal network. Not open to the internet.
DavidESL:

Sorry, I re-read your original question. This is just a desktop PC, right? I doubt you have WINS running.
However, UDP 137 is a port that is probed a lot by potentially malicious individuals on the internet.
If it's not open to the internet then I don't see any issues with opening ports internally, as long as you are sufficiently protected from external sources by a firewall.
Alistair7 (asker):

But there is also the danger of internal attack. So again, which would you recommend keeping closed out of TCP 139 and UDP 137?
ASKER CERTIFIED SOLUTION
DavidESL (United Kingdom):

Alternatively, use Windows Firewall to control which machines have access to those ports and block all other IP addresses.
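An added illustration of that scoping approach, not taken from the thread: on XP SP2/SP3 the built-in firewall's `netsh firewall` context can open each port only for a chosen set of source addresses, so the two unneeded ports stay closed and the two needed ones answer only the trusted host. The server address and subnet below are assumed placeholders, and TCP 139 is picked as the extra port because the thread advises against UDP 137.

```batch
@echo off
REM Added example (not from the thread): scope the file-and-printer-sharing
REM ports on Windows XP SP2/SP3 to one trusted host instead of relying on the
REM blanket "File and Printer Sharing" exception, which opens all four ports
REM (TCP 139, TCP 445, UDP 137, UDP 138) to every address in scope.
REM Assumed placeholder: 192.168.1.10 is the server running Ndesk.exe.
REM The XP firewall filters inbound traffic only, so "addresses" limits
REM which remote machines may connect to the listed local port.

REM 1. Turn off the blanket exception so it cannot override the scoped rules.
netsh firewall set service type=FILEANDPRINT mode=DISABLE

REM 2. TCP 445 (SMB over TCP, already needed) - reachable from the server only.
netsh firewall add portopening protocol=TCP port=445 name="SMB direct (scoped)" mode=ENABLE scope=CUSTOM addresses=192.168.1.10

REM 3. The one extra port Norman asked for - TCP 139 rather than the UDP pair.
netsh firewall add portopening protocol=TCP port=139 name="NetBIOS session (scoped)" mode=ENABLE scope=CUSTOM addresses=192.168.1.10

REM 4. UDP 137 and UDP 138 stay closed: no portopening is added for them.

REM 5. Review the resulting exceptions and confirm the firewall is on.
netsh firewall show portopening
netsh firewall show state
```

Using `scope=SUBNET` instead of `scope=CUSTOM addresses=...` would admit every machine on the local subnet, which is the wider exposure the asker is trying to avoid.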
Alistair7 (asker):

Thanks very much, David. Bye.
DavidESL:

Is that what you were looking for?
Alistair7 (asker):

Yes it was, except for 1 other question which occurred to me:

UDP ports broadcast over the entire LAN and TCP ports send packets to specific ip addresses.

So forcing 40 computers on a LAN to use udp instead of tcp might create some flooding or overload of the LAN.

Any brief comments?
DavidESL:

What are your concerns over an internal attack?
You are correct that opening UDP 137 can cause flooding; see here.

https://www.experts-exchange.com/questions/22849757/UDP-137-Flood-from-XP-Pro-Client.html

Alistair7 (asker):

Thanks a lot for those comments. You've given me a lot to think about.
I won't take any more of your time.

Thanks again. Bye.